Thomas Owen, Head of Security at Memset:
What can users do to prevent themselves from becoming a victim?
“Many of these exploits require vulnerabilities in the browser or Operating System; ensuring the user’s browser and OS are up to date (and have automatic patches) and running a reputable antivirus product will protect you from the majority of these issues. Browser plugins such as Web of Trust can also help warn you when attempting to visit a site that is known to be compromised or host malware. Lastly, general good hygiene is key – don’t routinely visit some of the less ‘reputable’ sites on the internet.”
How can websites be prevented from being hacked to push this kind of malware?
“First, last and always – Patch your CMS! Out-of-date CMS, such as WordPress or Drupal, are 100% the main culprit for allowing sites to be compromised and to begin hosting malicious scripts and files. Users should also keep on top of password and admin management, ensuring that any administrative access to your hosting infrastructure and CMS is protected by, at minimum, strong random passwords. Default credentials (the password that is set up on installation) or easy-to-guess passwords mean that people don’t need to ‘hack’ your site, they can just log straight in and upload malware. Numerous products provide real-time or periodical scanning and monitoring of websites in order to detect changes and the presence of malicious scripts and files. These are a great backstop to ensure you catch the problem after everything else has failed.”